Enabling the ADSI Option
search cancel

Enabling the ADSI Option


Article ID: 11255


Updated On:


CA Directory CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting


How to enable the ADSI option that is by default disabled?


Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente


Important! ADSI is not fully supported and by default, is disabled.

WARNING! Do not use the ADSI or non-secure LDAP options in production environments.

The ADSI option allows you to test creating accounts with passwords and is sometimes useful for testing prior to acquiring SSL certificates. 

By default, the option button for enabling ADSI is disabled.
For example, Use LDAP with SSL; use ADSI to set passwords only.

To enable this option, the ADS_ALLOW_ADSI=1 environment variable must be added.

To activate ADSI you need to create and set the environmental value to:
Then restart the Provisioning services.
The option will then be available.

If ADSI does not work, try the following:

  • Install the Windows Support Tools on the Active Directory Services server you want to manage.
  • Run the Provisioning Server in the same domain as the Active Directory server.
  • Confirm that the Preferred DNS server field is set correctly on the Provisioning server.
  • Start the Provisioning service with an ADS-domain -administrator account.